] Susan Bradley here again for CSO online. Today I’m going to talk about some Office 365 resources for security that you may not think about. I’m a firm believer that education and awareness can go a long way to help keeping you secure. And here’s some of the resources that I use to keep abreast of the new stuff coming out. First off I always look at the U.S. CERT site. Here’s an example of a recent alert that they sent out regarding the threats to managed service providers. As managed service providers get into cloud offerings and Office 365 you manage the access for a lot of people under your control. Think about it. If you have multiple clients all one has to do is attack you and then the attackers get into all of your clients as well. So think about that. Sometimes it’s hard to find a resource for a consultant. You want a place where you can ask private questions and not be in a public venue. So here’s an example of a gentleman that I know that has a resource specifically for consultants. It’s called the CIAOPS Academy. It’s provided by Robert Crane in Australia and he provides a private location some private resources for consultants to ask questions to get some resources. In general he has some very good resources for Office 365 specifically for consultants. He has some private resources that you have to pay for but he also has some public resources for example out here on github. He has quite a few power shell scripts that allow you to setup security in Office 365 do some logging and auditing and some various other scripts that he has out there. Other script repositories on him GitHub include the partners smart office. That segregates information obtained from the intelligence security graph and Office 365 secure secures score that enables parties to take advantage of advanced analytics and electrics. While you’re out on github. Just kind of look around and you can see that other people have provided security scripts as well. Here’s one on doing an audit of a client’s office 365 environment. I find that keeping up with the blogs and the sites regarding 365 helped me stay aware of the latest things to come out. For example here’s the Office 365 community out on the tech community site for Microsoft. They also have an Office 365 venue. Microsoft 365 blog. I always keep track of that. There’s a Microsoft 365 business blog. There is an office 365 blog as well. And last but not least I always make sure that I track the windows I.T. pro blog for the latest information. And of course I’m a fan of the spiceworks site. Spice works allows you to compare your information with other I.T. pros or other consultants. So it’s a good place to share information and to get great information as well. If you work in government or if you need to provide services for government contractors you want to make sure that you are aware of the Microsoft 365 NIST 800-53 action plan and other resources. Here’s an example here on the Microsoft site.
Twitter is a new way that resources can come to you. For example here’s the Microsoft’s 365 Twitter account and just the other day they talked about some new advance security and compliance offerings for Microsoft 365. You can click here and see where there’s additional offerings. I’ll be talking about that in upcoming a little recording. In addition I’ve got Robert Crane’s Twitter account. And Alexander Fields Twitter account. And he for example just the other day did a. Resource on how to use data loss prevention to automatically file HIPAA incidents reports in Microsoft 365. Bottom line there’s lots of resources out here. And if you keep aware, they’ll help you keep secure at the same time until next time. This is Susan Bradley for CSO Online.